Security Advisory

CVE-2018-19127

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-11-09 12:00:00

Last updated 2024-08-05 11:30:03

Assigner mitre

State PUBLISHED

Description

A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via the template parameter, and is written to a data/cache_template/*.tpl.php file along with a "<?php function " substring.

← Browse all CVEs View on cve.org ↗